Iptables to allow only ultrasurf+privoxy with ultrasurf as its parent proxy
Privoxy is an HTTP proxy that can be set up to use ultrasurf as a parent proxy, whereby ultrasurf sets up a tunnel to a server provided by Ultrasurf Inc so you access the internet through the tunnel for anonymity while privoxy takes some care of privacy.
This works well. Except ultrasurf also scans certain web servers without telling anyone, which can be blocked with iptables:
iptables -A OUTPUT -p tcp -d 65.49.14.0/24 -j ACCEPT
iptables -A OUTPUT -p tcp -s 65.49.14.0/24 -j ACCEPT
iptables -P OUTPUT DROP
Ultrasurf works happily like this, only able to access its creator's server and nothing else. For example firefox can be set up with ultrasurf as the HTTP proxy, at 127.0.0.1:9666, and it works fine.
However, privoxy does not work with ultrasurf as the parent proxy if the above iptables rules are used. Only seen it working like this:
iptables -P OUTPUT ACCEPT
But then nothing is blocked and ultrasurf does its naughty scanning of assorted web servers without telling anyone.
What rules should be used to block ultrasurf but allow privoxy to have it as its parent proxy?
Last edited by Ulysses_; 04-12-2012 at 04:15 PM.
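As an added example (not part of the original post), this small model of first-match rule evaluation shows what the three rules quoted above decide for four constructed packets, assuming those rules are the entire OUTPUT chain. The interface names, the sample addresses and the extra `-o lo` rule are assumptions introduced here for comparison.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

NET = ipaddress.ip_network("65.49.14.0/24")  # range taken from the post

@dataclass
class Packet:  # constructed sample traffic, not captured data
    proto: str
    src: str
    dst: str
    out_if: str

@dataclass
class Rule:  # one "-A OUTPUT ... -j ACCEPT" line; None means "not specified"
    text: str
    proto: Optional[str] = None
    src: Optional[ipaddress.IPv4Network] = None
    dst: Optional[ipaddress.IPv4Network] = None
    out_if: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return ((self.proto is None or self.proto == p.proto)
                and (self.src is None or ipaddress.ip_address(p.src) in self.src)
                and (self.dst is None or ipaddress.ip_address(p.dst) in self.dst)
                and (self.out_if is None or self.out_if == p.out_if))

def verdict(rules, policy, pkt):
    """First matching rule accepts; otherwise the chain policy applies."""
    for rule in rules:
        if rule.matches(pkt):
            return "ACCEPT"
    return policy

POSTED = [Rule("-p tcp -d 65.49.14.0/24", proto="tcp", dst=NET),
          Rule("-p tcp -s 65.49.14.0/24", proto="tcp", src=NET)]
# Hypothetical extra rule (not from the post): iptables -A OUTPUT -o lo -j ACCEPT
WITH_LO = [Rule("-o lo", out_if="lo")] + POSTED

SAMPLES = {  # all addresses below are constructed for illustration
    "tunnel_to_65.49.14.x": Packet("tcp", "192.168.1.20", "65.49.14.10", "eth0"),
    "loopback_to_127.0.0.1": Packet("tcp", "127.0.0.1", "127.0.0.1", "lo"),
    "other_web_server": Packet("tcp", "192.168.1.20", "203.0.113.5", "eth0"),
    "dns_over_udp": Packet("udp", "192.168.1.20", "192.168.1.1", "eth0"),
}

def evaluate(rules, policy="DROP"):
    return {name: verdict(rules, policy, p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for label, rules in (("posted", POSTED), ("with -o lo", WITH_LO)):
        print(label, evaluate(rules))
```

In this model the posted rules accept only the packet destined for 65.49.14.0/24, and adding the loopback rule changes the verdict for the 127.0.0.1 packet alone, so traffic to other web servers stays dropped.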